1. Training
  2. Education & Training Catalog
  3. CDW
  4. Incident Analysis

Incident Analysis

This introductory-level course is aimed at a broad audience - anyone who is interested in learning about the Incident Response Life Cycle and how to analyze, contain, and recover from a security incident. This is the second course in the Incident Response series, taking students through the critical processes that occur once a security event has been elevated to the status of a confirmed security incident.

The goals of this 3-day course are to have students analyze log and sensor data, network traffic, host-based artifacts, emails, and contextual data for evidence related to the attack vectors and scope of a breach, using FIRST CVSS 4.0 and other tools. Once this analysis is complete, students will use playbooks and industry-recognized resources, such as the MITRE ATT&CK matrix, to determine the appropriate follow-on actions for containment and recovery.

Provider Information

More courses from this provider:
https://www.cdw.com/(link is external)
Contact Information

CDW
625 W. Adams St.
Chicago, IL 60661

Course Overview

Overall Proficiency Level
1 - Basic
Course Prerequisites
  • Basic understanding of operating system internals
  • Familiarity with the general use of Windows systems
  • Basic understanding of how network traffic traverses intranets, extranets, cloud, and the internet.

Related Courses:

Training Purpose
Management Development
Skill Development
Specific Audience
All
Delivery Method
Classroom
Online, Instructor-Led
Course Locations

8890 McGaw Road
Suite 200
Columbia, MD 21045

625 W Adams Street
Chicago, IL 60661

5908 Headquarters Drive
Suite 400
Plano, TX 75024

201 N Franklin St
Floor 37
Tampa, FL 33602

40 E. Rio Salado Parkway
Suite 200
Tempe, AZ 85281

  • Classroom
  • Online, Instructor-Led

Learning Objectives

  • Identify the types of data relevant to information security events
  • Analyze host-based artifacts for the presence of anomalous activity
  • Assess log and sensor data for detection of anomalous activity
  • Assess contextual data sources for detection of anomalous activity
  • Analyze email traffic for the presence of anomalous activity
  • Analyze network traffic for the presence of anomalous activity
  • Apply playbooks to contain and mitigate threats
  • Recommend actions for containment and recovery using the Mitre ATT&CK matrix and detection use cases
  • Simulate best practices for containment, analysis, and recovery in an incident response scenario

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov(link sends email). Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.

Last Published Date:

You have been selected to participate in a brief survey about your experience today with National Initiative for Cybersecurity Careers and Studies.

Would you like to participate in our survey?

If you accept you will be leaving the National Initiative for Cybersecurity Careers and Studies website and going to a third party site.
That site may have different privacy, security and accessibility policies than the National Initiative for Cybersecurity Careers and Studies site.
National Initiative for Cybersecurity Careers and Studies does not endorse any commercial products, services, programs or content on the third party website.
Thank you for visiting our site. We hope your visit was informative and enjoyable.